YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-06-05 22:09:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: prevent visitors from breaking demo (#2869)

Browse Source 
* chore: add en-GB language

* chore: remove en-GB contents

* chore: prevent visitors from breaking demo
- prevent disabling password login
- prevent updating `memos-demo` user
- prevent setting additional style
- prevent setting additional script
- add some error feedback to system settings UI

* Revert "chore: add en-GB language"

This reverts commit 2716377b04.
This commit is contained in:
Lincoln Nogueira
2024-01-31 02:16:31 -03:00
committed by GitHub
parent 49e3eb107c
commit 52539fc130
5 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/v1/user.go
View File

@@ -316,6 +316,14 @@ func (s *APIV1Service) DeleteUser(c echo.Context) error {
return echo.NewHTTPError(http.StatusBadRequest, "Cannot delete current user")
}
findUser, err := s.Store.GetUser(ctx, &store.FindUser{ID: &userID})
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user").SetInternal(err)
}
if s.Profile.Mode == "demo" && findUser.Username == "memos-demo" {
return echo.NewHTTPError(http.StatusForbidden, "Unauthorized to delete this user in demo mode")
}
if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
ID: userID,
}); err != nil {
@@ -366,6 +374,10 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error {
return echo.NewHTTPError(http.StatusBadRequest, "Invalid update user request").SetInternal(err)
}
if s.Profile.Mode == "demo" && *request.Username == "memos-demo" {
return echo.NewHTTPError(http.StatusForbidden, "Unauthorized to update user in demo mode")
}
currentTs := time.Now().Unix()
userUpdate := &store.UpdateUser{
ID: userID,